Tue, Jul 09, 2019 - Page 10 News List

BA fined over passenger data hack


British Airways airplanes stand parked at Heathrow Airport gates in London on May 29, 2017.

Photo: EPA-EFE

British Airways (BA) has been fined more than £183 million (US$229.28 million) after computer hackers last year stole bank details from hundreds of thousands of passengers, its parent group IAG SA said yesterday.

The British Information Commissioner’s Office intends to issue the airline with a penalty notice under the British Data Protection Act, totaling £183.39 million, IAG said in a statement.

The fine is equivalent to 1.5 percent of British Airways’ turnover in 2017, IAG added.

IAG chief executive Willie Walsh said it would consider appealing the fine as it seeks “to take all appropriate steps to defend the airline’s position vigorously.”

British Airways CEO Alex Cruz said that the airline was “surprised and disappointed” by the penalty.

“British Airways responded quickly to a criminal act to steal customers’ data,” he said in the statement.

“We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologize to our customers for any inconvenience this event caused,” Cruz added.

The airline revealed the hack in September last year, just a few months after the EU tightened data protection laws with the so-called the General Data Protection Regulation (GDPR).

The stolen data comprised customer names, postal addresses, e-mail addresses and credit card information, but the 15-day breach, which was fixed on discovery, did not involve travel or passport details.

Following disclosure of the hack, the airline promised to compensate affected customers and took out full-page advertisements in UK newspapers to apologize to passengers.

Meanwhile, it described the mass theft as “a very sophisticated, malicious, criminal attack on our Web site.”

IAG is also the owner of Aer Lingus, Iberia, Level and Vueling, none of which were affected by the hack.

The GDPR establishes the key principle that individuals must explicitly grant permission for their data to be used.

The case for the new rules had been boosted by a scandal over the harvesting of Facebook Inc users’ data by Cambridge Analytica Ltd, a US-British political research firm, for the 2016 US presidential election.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top